Multiple vulnerabilities have been discovered in Pango. Please review
the CVE identifiers referenced below for details.

Impact

A context-dependent attacker could entice a user to load specially
crafted text using an application linked against Pango, possibly
resulting in execution of arbitrary code with the privileges of the
process or a Denial of Service condition.

Packages which depend on this library may need to be recompiled. Tools
such as revdep-rebuild may assist in identifying some of these packages.
NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since March 18, 2011. It is likely that your system is already
no longer affected by this issue.